Re: [openssl.org #2279] issue with compilation openssl -make install

2012-06-19 Thread Andy Polyakov via RT
I am trying to compile openssl in solaris 8 I use this : ./Configure --prefix=/soft/nrpe --openssldir=/soft/nrpe no-hw no-zlib solaris-sparcv8-cc shared Then make When I did the make test I met these errors : CMS consistency test /usr/bin/perl cms-test.pl CMS = PKCS#7 compatibility

Re: linker error while compiling latest openssl release

2012-06-19 Thread Andy Polyakov
I have checked out the latest code from cvs -d anonym...@cvs.openssl.org:/openssl-cvs co openssl Below is the error message. sha512-586.s:(.text+0x59): undefined reference to `.L003XOP' http://cvs.openssl.org/chngview?cn=22638

Re: unable to make build_tests for fipscanisteronly config

2012-06-19 Thread Shruthi rangan
I am able to build the tests succesfully from the OpenSSL-fips-2_0-dev branch. While validating the DRBG Validation list from NIST. I find all the validations (*HASH_DRBG.txt, HMAC_DRGB.txt, **Dual_EC_DRBG.txt.* )passing except *CTR_DRBG*: Below is the error message. ./fips_drbgvs

Re: unable to make build_tests for fipscanisteronly config

2012-06-19 Thread Dr. Stephen Henson
On Wed, Jun 20, 2012, Shruthi rangan wrote: I am able to build the tests succesfully from the OpenSSL-fips-2_0-dev branch. While validating the DRBG Validation list from NIST. I find all the validations (*HASH_DRBG.txt, HMAC_DRGB.txt, **Dual_EC_DRBG.txt.* )passing except *CTR_DRBG*: Below

Re: OCSP Stapling bug with multiple certs (e.g. an RSA cert and an ECC cert)

2012-06-19 Thread Rob Stradling
On 18/06/12 11:40, Rob Stradling wrote: On 16/06/12 23:31, Dr. Stephen Henson wrote: snip Is there a way to patch httpd so that it can work around the limitations in the OpenSSL API and always send the correct OCSP Response? Possible changes to OpenSSL: Should the Stapling Callback function be

[openssl.org #2836] [PATCH] Staple the correct OCSP Response when multiple certs are configured

2012-06-19 Thread Rob Stradling via RT
The OCSP Stapling Callback function (s-ctx-tlsext_status_cb) is called during the parsing of the ClientHello message, before the server has decided which cipher to use. However, since the choice of cipher can influence which server certificate is sent, this means that the wrong OCSP Response

Re: unable to make build_tests for fipscanisteronly config

2012-06-19 Thread Shruthi rangan
Thanks it works now. On Wed, Jun 20, 2012 at 2:51 AM, Dr. Stephen Henson st...@openssl.orgwrote: On Wed, Jun 20, 2012, Shruthi rangan wrote: I am able to build the tests succesfully from the OpenSSL-fips-2_0-dev branch. While validating the DRBG Validation list from NIST. I find all the